Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

Polish DPA Releases Data Privacy Inspection Plans – Targets Health, Shopping

shutterstock_283429205The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services and consumer sectors, with particular attention to certain profiling activities taking place in stores and shopping malls.

Continue Reading

Posted in News & Events

Your Cyber Minute: Watch Our Topline Digest of Today’s Cybersecurity Issues

offset_202677 Retouched 300x254With cybersecurity issues evolving rapidly, every minute counts. Our new video series, Your Cyber Minute, is specifically designed for busy in-house counsel to gain practical perspectives – fast. This multi-part series is an extension of our Ready, Set, Respond resource portal and highlights today’s hottest topics in cybersecurity. To watch in real time, follow us on LinkedIn and Twitter, where we post a new video on Monday and Thursday.

The two installments we’ve released so far feature cybersecurity practice lead and partner Harriet Pearson speaking with:

  • Former financial crimes enforcement lawyer and Hogan Lovells partner Greg Lisa about the NY Department of Financial Services’ (NY DFS) proposed cybersecurity regulations
  • Hogan Lovells Cyber Risk Services managing principal Jeff Lolley about major cyber threats facing organizations in 2017

Tune in to get the latest in what you need to know and how to better be prepared.

Continue Reading

Posted in International/EU Privacy

ICO Turns Spotlight on Data Broker Industry

shutterstock_187697849Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The UK data protection regulator (the “ICO”) has for some time been actively enforcing against organisations who buy individuals’ personal data for direct marketing purposes without first conducting appropriate due diligence to ensure that those individuals have adequately consented to receiving marketing communications.

Continue Reading

Posted in Consumer Privacy

NTIA Highlights Promise and Policy Challenges of IoT, Seeks Additional Comments

iStock_000050783348_DoubleOn January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things (IoT). The Green Paper is expansive in scope, reflecting the broad range of issues raised in comments submitted by stakeholders in the private sector, academia, government, and civil society following NTIA’s April 2016 request for public comment. The Green Paper identifies key issues, and provides recommendations and assessments on the potential benefits and risks that IoT portends. The NTIA identifies cybersecurity, privacy and cross-border data flows as the most significant policy issues. It also proposes four principles for future policy engagement in which the Department would play a central role in creating conditions that would foster IoT growth. The agency also requested additional comments on the issues raised by the Green Paper.

Continue Reading

Posted in International/EU Privacy

“Cybersecurity Review” Takes Shape in China

shutterstock_293627249On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017.  The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June 2017.

Continue Reading

Posted in International/EU Privacy

Russia Increases Fines for Violations of Data Protection Laws

shutterstock_387241471On 7 February 2017, the Russian President signed into law a bill (link in Russian) introducing amendments to the Russian Code on Administrative Offences that increases the amount of the fines imposed for violating Russian data protection laws and differentiates the relevant offences’ types. The greatest increase raises maximum fines for certain violations from RUB 10,000 to 75,000 (approx. USD 170 to 1,260). The law will come into force on 1 July 2017.

Continue Reading

Posted in International/EU Privacy

Interview with Jan Albrecht, Dr. Stefan Brink and Tim Wybitul on the New German Data Protection Bill

shutterstock_545082313On 1 February 2017, the German federal cabinet adopted a draft data protection bill. The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation, which will come into force in 2018. The Chronicle of Data Protection’s summary of the most relevant aspects of the draft bill can be found here. We turn now to a preliminary assessment and explanation of proposed bill, provided by German Data Protection and Freedom of Information Officer Dr. Stefan Brink, European Parliament member Jan Albrecht, and Hogan Lovells partner Tim Wybitul.

Continue Reading

Posted in International/EU Privacy

Changes in Japan Privacy Law to Take Effect in Mid-2017; Key Regulator Provides Compliance Insights

shutterstock_356121362Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to implement new domestic requirements and engage internationally on cross-border data transfers, APEC, new technologies, and more.

Hogan Lovells recently hosted some of Japan’s senior data privacy regulators and advisors for a special briefing in our Washington, D.C. offices. Click here for our summary of the insights they shared on the amended law and how companies doing business in Japan should prepare to comply when the changes take effect in May 2017.

Posted in Consumer Privacy

Enforcement Window for Self-Regulatory Principles Has Begun One Week After FTC Report on Cross-Device Tracking

shutterstock_274954259On January 23, 2017, fourteen months after hosting a workshop to review the multi-device, multi-platform digital landscape, the FTC issued a staff report on cross-device tracking.  The report summarizes the FTC’s 2015 workshop on cross-device tracking and provides a set of related recommendations.  The report’s recommendations for cross-device tracking echo the FTC’s guidance and enforcement priorities for other online practices—transparency, choice, affirmative consent for sensitive data collection, and reasonable security.  The report also echoes themes from the FTC’s 2009 Self-Regulatory Principles for Behavioral Advertising report.  Commissioner Maureen Ohlhausen noted in a concurring statement that the new guidance “does not alter the FTC’s longstanding privacy principles but simply discusses their application in the context of a new technology.”

In this post, we look at the FTC’s previous advice on cross-device tracking, key takeaways from the FTC report, and how the guidance aligns with the Digital Advertising Alliance’s (DAA) self-regulatory principles for cross-device tracking, which become enforceable on February 1, 2017.

Continue Reading

Posted in News & Events

Privacy and Cybersecurity February 2017 Events

Please join us for our February 2017 Privacy and Cybersecurity Events.

January 31-February 1
GDPRnow: A Practical Guide to Implementing the GDPR
Hogan Lovells will be hosting GDPRnow, two half-day events that will feature speakers from our global Privacy and Cybersecurity practice and Helen Dixon, the Irish Data Protection Commissioner. GDPRnow will offer expert and practical guidance on how to prepare for the GDPR. Hogan Lovells speakers include: Julie Brill, Harriet Pearson, and Bret Cohen (Washington, D.C.), Joke Bodewits (Amsterdam), Gonzalo Gállego (Madrid), Marcus Schreibauer (Düsseldorf), Stefan Schuppert (Munich), Tim Wybitul (Frankfurt) and Eduardo Ustaran (London).
Location: Location: Hogan Lovells’ offices in Washington, D.C. and New York

 

February 2
Privacy and Data Protection in the Digital World
Julie Brill will be chairing a panel on privacy and data protection at the 2017 ABA Consumer Protection Conference. The panel will focus on privacy risks for companies, enforcement and compliance considerations, and privacy by design.
Location: Atlanta, Georgia

 

Continue Reading